Start::
CreateRestorePoint:
CloseProcesses:

2026-04-25 14:07 - 2026-04-25 14:07 - 000000000 ____D C:\Users\giann\AppData\Local\Yandex
2026-04-25 14:06 - 2026-04-25 14:06 - 000000000 ____D C:\Users\giann\xx.exe
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
2026-04-25 14:05 - 2023-08-10 21:35 - 000000000 ____D C:\Users\giann\AppData\Roaming\RenPy
CustomCLSID: HKU\S-1-5-21-3333353783-57471917-1214628934-1001_Classes\CLSID\{5C4D8D77-5B87-40CA-884E-F56858227E5C}\localserver32 -> C:\Users\giann\AppData\Local\Programs\TeamSpeak\notification_helper.exe => No File
AlternateDataStreams: C:\WINDOWS\tracing:? [16]
FirewallRules: [UDP Query User{23C350C4-0427-41B3-B1DE-5F4EE82B060E}D:\program files (x86)\steam\steamapps\common\don't starve together\bin64\dontstarve_dedicated_server_nullrenderer_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\don't starve together\bin64\dontstarve_dedicated_server_nullrenderer_x64.exe => No File
FirewallRules: [TCP Query User{AAE6C103-E892-4CA6-8691-CFFCBF9C5BE6}D:\program files (x86)\steam\steamapps\common\don't starve together\bin64\dontstarve_dedicated_server_nullrenderer_x64.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\don't starve together\bin64\dontstarve_dedicated_server_nullrenderer_x64.exe => No File
FirewallRules: [{2AC61225-B8F3-4397-90BE-560D05C49735}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{721D4AFC-CD5A-4D39-8AC1-94280303D9D3}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => No File
FirewallRules: [{1C61F954-269F-4E5B-A1EF-1348D43574DB}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [{0016878D-355F-42EC-8DCD-AA3535464B25}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe => No File
FirewallRules: [UDP Query User{9EC48568-2E3C-47F5-AD97-DA3556C66727}D:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe => No File
FirewallRules: [TCP Query User{D5A20B04-DC02-48A1-8637-B315341527AF}D:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\bloodstained ritual of the night\bloodstainedrotn\binaries\win64\bloodstainedrotn-win64-shipping.exe => No File
FirewallRules: [UDP Query User{D9214847-47B5-422B-A342-D6CF55623438}D:\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) D:\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe => No File
FirewallRules: [TCP Query User{E55BC003-F120-401E-AB92-1390E3D54AE7}D:\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe] => (Allow) D:\star rail\games\starrail_data\plugins\x86_64\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{860F836E-C4C2-48A4-9A22-65A0402DCDDF}D:\star rail\games\starrail.exe] => (Allow) D:\star rail\games\starrail.exe => No File
FirewallRules: [TCP Query User{B271C900-DAA7-48EF-9876-E0D900EA4C0D}D:\star rail\games\starrail.exe] => (Allow) D:\star rail\games\starrail.exe => No File
FirewallRules: [UDP Query User{0A82AFA3-FF9E-45F5-AE8A-41D5453E4FEF}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{0755866D-40AE-425C-81E7-940E5EA5F4BA}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [UDP Query User{D8575122-F4CB-4457-B717-6585FED68E94}D:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) D:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [TCP Query User{6DF6B553-B231-46CD-9141-7E7E030B8E0A}D:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe] => (Block) D:\program files\genshin impact\genshin impact game\genshinimpact_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{D18A5531-CA3A-47D8-BE25-94AA44C62DFB}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [TCP Query User{10980324-6FC4-4CEF-9E57-4F21528A5F89}D:\red dead redemption 2\rdr2.exe] => (Allow) D:\red dead redemption 2\rdr2.exe => No File
FirewallRules: [UDP Query User{9579C922-40E7-417A-BD24-E35092944709}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{7D05FD88-74AF-4C06-BBEB-CEF242C867E3}D:\overwatch\_retail_\overwatch.exe] => (Allow) D:\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{244D3B14-E8D6-4B76-8016-1135B3B5AF8A}D:\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [TCP Query User{0B3F66A9-EB3A-45ED-932A-C28BF5DC8DE2}D:\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\cyberpunk 2077\bin\x64\cyberpunk2077.exe => No File
FirewallRules: [UDP Query User{3CE014E6-D165-4B88-A6D5-9CF65908B945}D:\honkai impact\honkai impact 3rd glb\games\bh3_data\plugins\zfgamebrowser.exe] => (Allow) D:\honkai impact\honkai impact 3rd glb\games\bh3_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [TCP Query User{8471CD87-B42C-44CC-8E03-409A5883F0F4}D:\honkai impact\honkai impact 3rd glb\games\bh3_data\plugins\zfgamebrowser.exe] => (Allow) D:\honkai impact\honkai impact 3rd glb\games\bh3_data\plugins\zfgamebrowser.exe => No File
FirewallRules: [UDP Query User{92A7ADC7-2D3C-41D5-93D7-E1B0B57426E4}D:\honkai impact\honkai impact 3rd glb\games\bh3.exe] => (Allow) D:\honkai impact\honkai impact 3rd glb\games\bh3.exe => No File
FirewallRules: [TCP Query User{551BEC98-1E06-4F85-827B-CB854FBEFEB5}D:\honkai impact\honkai impact 3rd glb\games\bh3.exe] => (Allow) D:\honkai impact\honkai impact 3rd glb\games\bh3.exe => No File
FirewallRules: [{DDF0697A-78F4-45FD-B913-6E52669A18AD}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{F622DE98-7367-4531-95DE-7D1D24F4BBF7}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [UDP Query User{DC4CB248-66B7-4B97-B18B-B782D332E73B}D:\program files\epic games\sopfinalfantasyorigin\sopffo.exe] => (Allow) D:\program files\epic games\sopfinalfantasyorigin\sopffo.exe => No File
FirewallRules: [TCP Query User{23ED8632-2BB4-4A54-BC9E-2C9D43FAC054}D:\program files\epic games\sopfinalfantasyorigin\sopffo.exe] => (Allow) D:\program files\epic games\sopfinalfantasyorigin\sopffo.exe => No File
FirewallRules: [{062641AE-0ABE-427E-9C4D-D2DE000B40D1}] => (Allow) D:\Elgato\4KCaptureUtility\4KCaptureUtility.exe => No File
FirewallRules: [UDP Query User{D33A383A-C6A5-4A58-847F-587F0DB2E531}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [TCP Query User{3BC52629-53E4-4206-BD11-0030C99A7012}D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\tekken 7\tekkengame\binaries\win64\tekkengame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{E9B2AFFB-7AF4-45D6-B9D1-0EC70397710A}D:\jim\desktop\vseeface\vseeface.exe] => (Allow) D:\jim\desktop\vseeface\vseeface.exe => No File
FirewallRules: [TCP Query User{572F3E22-1BF9-4172-B057-02AF9EEE56C7}D:\jim\desktop\vseeface\vseeface.exe] => (Allow) D:\jim\desktop\vseeface\vseeface.exe => No File
FirewallRules: [UDP Query User{7FE48166-22C6-4B36-A7B1-036F9AA915CA}D:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{42904FE8-E6F2-4493-9096-F8CC4FA5D199}D:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{F4BE1E72-E251-45E8-8C7C-2207966B5819}D:\jim\desktop\vseeface\vseeface.exe] => (Allow) D:\jim\desktop\vseeface\vseeface.exe => No File
FirewallRules: [TCP Query User{3E839CC3-454F-4E1A-8A7C-71C2B22D8A2F}D:\jim\desktop\vseeface\vseeface.exe] => (Allow) D:\jim\desktop\vseeface\vseeface.exe => No File
FirewallRules: [UDP Query User{C604E0D1-D132-47F2-9CF0-E72C872D589A}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
FirewallRules: [TCP Query User{4C23E4EE-EBE0-4512-A32C-9026B0208486}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe => No File
FirewallRules: [{482905CE-A8F4-4926-8956-76DC1D6910AC}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe => No File
FirewallRules: [{4A602741-114B-4A62-95AF-86691585D2C8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\3tene\3tene\3tene.exe => No File
FirewallRules: [{34EB3210-B3EC-4026-A9C1-8B083CA98EE8}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\3tene\3tene\3tene.exe => No File
FirewallRules: [UDP Query User{8C1CEE13-48A4-45AF-9330-0B6D58273D0F}D:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [TCP Query User{239042DA-9C90-4923-A197-CE27B5844884}D:\program files\genshin impact\genshin impact game\genshinimpact.exe] => (Allow) D:\program files\genshin impact\genshin impact game\genshinimpact.exe => No File
FirewallRules: [UDP Query User{007B4E1A-BC7A-478C-BBD0-773DF8011E67}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [TCP Query User{44D8CDBB-5F07-472F-B5B5-35B2BE98F5B9}D:\program files\epic games\gtav\gta5.exe] => (Allow) D:\program files\epic games\gtav\gta5.exe => No File
FirewallRules: [{F2817F46-C73C-4030-B038-5E18FE08F2AA}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{ECD45ADC-0029-43FB-A026-6E75C19D8AAD}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{BD983607-0CC8-44B0-9330-987B7E77FBDB}D:\program files (x86)\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe => No File
FirewallRules: [TCP Query User{217C6121-F4F2-48CA-BC5D-9F2DF5DC2F28}D:\program files (x86)\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe => No File
FirewallRules: [{03B93153-56B5-49CA-8BCC-A83249A6A6BE}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{37D17C84-5EED-4938-A57B-CBAF3D604A9A}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\FINAL FANTASY XIV Online\boot\ffxivboot.exe => No File
FirewallRules: [{FB1B6193-4DE9-4278-876E-81215112245E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe => No File
FirewallRules: [{06539F3B-30E3-454D-805F-60C31B963E7E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Lab\TheLab\win64\TheLab.exe => No File
FirewallRules: [{37304419-9E7C-472D-A251-7AB42A10B70F}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe => No File
FirewallRules: [{4BFFBFA6-11CD-467D-9352-083B755DE590}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe => No File
FirewallRules: [{F40DEED2-F6A6-41D4-B265-FE7D0A1FD5D2}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe => No File
FirewallRules: [{4C389733-85C0-415A-A39A-3E49AFA4C4A7}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe => No File
FirewallRules: [{15930FB4-A5AF-4A20-91FB-83515D8202FE}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe => No File
FirewallRules: [{19136BAB-FC95-4EDE-87F8-2E6777139A50}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe => No File
FirewallRules: [{94E1C911-70A1-4205-81F8-FACB6CB83220}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File
FirewallRules: [{DB71AEDE-5206-4F6F-B4B5-64D7D518A7E0}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe => No File
FirewallRules: [{5AD53029-A6A1-4C99-B7DF-98531A937567}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{8138B721-ACAD-4C9C-8E7A-EC05F396B1ED}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{29A040BA-0ECD-402E-B759-B3532EA458CE}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{CFC1DE84-DF5A-4E66-9783-70B1D3AD06AB}D:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) D:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [{04D494B3-02F1-4045-958A-0B887B6CDFEA}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [{881BA042-1ACF-4706-A2E4-2173F881736D}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\ELDEN RING\Game\start_protected_game.exe => No File
FirewallRules: [TCP Query User{3CBF6209-C9B2-41A8-8568-1BEC7C3EB12E}D:\program files (x86)\steam\steamapps\common\black myth wukong benchmark tool\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\black myth wukong benchmark tool\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [UDP Query User{258885F5-28A5-4E2E-B6C0-1C43609B846D}D:\program files (x86)\steam\steamapps\common\black myth wukong benchmark tool\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\black myth wukong benchmark tool\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [TCP Query User{D2C5BD50-1A3E-4450-8470-46616DBB372E}D:\program files\epic games\alienisolation\ai.exe] => (Allow) D:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [UDP Query User{53B8D58A-FFD1-414E-9675-6D65E49D8AA1}D:\program files\epic games\alienisolation\ai.exe] => (Allow) D:\program files\epic games\alienisolation\ai.exe => No File
FirewallRules: [TCP Query User{2136406F-3833-4319-B5B2-E83249C2A1E7}D:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [UDP Query User{6F03E968-646D-40B7-AFC2-9E4937513748}D:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\blackmythwukong\b1\binaries\win64\b1-win64-shipping.exe => No File
FirewallRules: [{84D75FE4-68FA-4C85-A457-6A7911F08E2B}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{3F659EDA-E19B-4924-A64E-DD519D75041D}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{605A3D58-5FBA-4DE7-9B77-8F4A67FE3658}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => No File
FirewallRules: [TCP Query User{203B5199-B750-430D-8109-6F310472D56D}C:\program files (x86)\infinitynikkioversea\0.0.0.1\xstarter.exe] => (Allow) C:\program files (x86)\infinitynikkioversea\0.0.0.1\xstarter.exe => No File
FirewallRules: [UDP Query User{EAF437C1-FDE5-4B5B-9273-7A7A50F211EA}C:\program files (x86)\infinitynikkioversea\0.0.0.1\xstarter.exe] => (Allow) C:\program files (x86)\infinitynikkioversea\0.0.0.1\xstarter.exe => No File
FirewallRules: [TCP Query User{2CEE08B0-EE58-422E-BB19-7C9F4C022D79}D:\infinitynikki\x6game\binaries\win64\x6game-win64-shipping.exe] => (Allow) D:\infinitynikki\x6game\binaries\win64\x6game-win64-shipping.exe => No File
FirewallRules: [UDP Query User{28EBE584-F5B9-4134-85DC-962B95B3FF03}D:\infinitynikki\x6game\binaries\win64\x6game-win64-shipping.exe] => (Allow) D:\infinitynikki\x6game\binaries\win64\x6game-win64-shipping.exe => No File
FirewallRules: [TCP Query User{61E72AD1-8311-4F15-98CE-BCA92817A140}D:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7FE9ACEC-4E9B-4501-A15C-5B19FF3A413A}D:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\backrooms_escape_together\bet\binaries\win64\betgame-win64-shipping.exe => No File
FirewallRules: [{35148E55-27F6-436D-A48C-26747F5EABA2}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Curse of Monkey Island\ScummVM\scummvm.exe => No File
FirewallRules: [{E21A539D-4AE6-4160-90AA-5B781B77DE20}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\The Curse of Monkey Island\ScummVM\scummvm.exe => No File
FirewallRules: [{7ABA7B41-EF3A-4C44-B68D-8F583F71C597}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II\EnhancedEdition\Little_Nightmares_II_Enhanced.exe => No File
FirewallRules: [{50CEB637-0ED2-4593-AB40-0D3A9CADE412}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Little Nightmares II\EnhancedEdition\Little_Nightmares_II_Enhanced.exe => No File
FirewallRules: [TCP Query User{B8D7B3C1-2A65-47E3-A990-FB9CF0C96812}D:\chiaki ps remote play\chiaki.exe] => (Allow) D:\chiaki ps remote play\chiaki.exe => No File
FirewallRules: [UDP Query User{5931662C-EABC-4F78-BE7E-33213644F3FA}D:\chiaki ps remote play\chiaki.exe] => (Allow) D:\chiaki ps remote play\chiaki.exe => No File
FirewallRules: [{20E3B1CC-DD8A-4196-A244-BD831EBE2ACC}] => (Allow) D:\program files\asus\aacambienthal\aacambientlighting.exe => No File
HKU\S-1-5-21-3333353783-57471917-1214628934-1001\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\giann\AppData\Local\WhatsApp\Update.exe --processStart "WhatsApp.exe" (No File)
HKU\S-1-5-21-3333353783-57471917-1214628934-1001\...\Run: [RiotClient] => D:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
ShortcutTarget: ctrl - alt.lnk -> C:\Users\giann\AppData\Roaming\KeyTik\Active\ctrl - alt.ahk (No File)
Task: {7F10FC11-F77F-43ED-B7EA-D3F389FD8192} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe  (No File)
Task: {670DAE59-931C-48AD-B6FB-4526711B853C} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (No File)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-3333353783-57471917-1214628934-1001\...\Run: [Media Info Service] => C:\Users\giann\xx.exe\MediaInfoService.exe [2083928 2026-04-25] (Tenorshare (Hongkong) Limited -> Tenorshare) <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6814BF68-BEB2-435A-A761-40FCDE46F68E} - System32\Tasks\Media Info Service => C:\Users\giann\xx.exe\MediaInfoService.exe [2083928 2026-04-25] (Tenorshare (Hongkong) Limited -> Tenorshare) <==== ATTENTION
S3 cpuz159; \??\C:\WINDOWS\temp\cpuz159\cpuz159_x64.sys (No File) <==== ATTENTION

2026-04-25 14:06 - 2026-04-25 14:06 - 002800128 _____ () [File not signed] C:\Users\giann\xx.exe\SDL3.dll
2026-04-25 14:06 - 2026-04-25 14:06 - 000078848 _____ (Finkit d.o.o.) [File not signed] C:\Users\giann\xx.exe\Plugins.Opera.dll
2026-04-25 14:06 - 2026-04-25 14:06 - 000065536 _____ (Lamantine Software a.s.) [File not signed] C:\Users\giann\xx.exe\cvFormat.dll
2026-04-25 14:06 - 2026-04-25 14:06 - 000139352 _____ (Tenorshare (Hongkong) Limited -> ) [File not signed] C:\Users\giann\xx.exe\avdevice-59.dll



StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from the Emsisoft's official site, updates it, scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUP's in 1) system memory 2) important folders as documentation says
# It will scan in compressed archives, in mail archives, in NTFS alternate data streams and use cloud requests
# ---
# You can use argument "/delete" to delete found objects including references but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan but that may take longer than what FRST can handle.
# You can use argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) {
    New-Item -Path $frstPath -ItemType Directory -Force | Out-Null
}
if (-not (Test-Path $extractPath)) {
    New-Item -Path $extractPath -ItemType Directory -Force | Out-Null
}
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:


StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan

New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:

EmptyTemp:
End::